From 3fe65bababb83329f4632963aaa1b912f98692da Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 5 Feb 2014 11:25:24 -0800
Subject: [PATCH] Fix NFC image transfer

Image transfer over NFC is broken.

  STEPS TO REPRODUCE:
  -----------------------------------------
  1. Launch Gallery and open any picture
  2. Keep two devices close each other
  3. Tap on 'Touch to Beam' option on sender device and observe receiver device

  OBSERVED RESULTS:
  'Beam did not complete' message showing in Notification window.

  EXPECTED RESULTS:
  Beam should complete successfully and able to share picture through Beam

  ADDITIONAL INFORMATION :
  Device : Hammerhead
  Reproducibility : 3/3

Addresses the following denials:

<5>[ 3030.955024] type=1400 audit(1391625834.066:72): avc:  denied  { call } for  pid=311 comm="Binder_2" scontext=u:r:surfaceflinger:s0 tcontext=u:r:nfc:s0 tclass=binder
<5>[ 3049.606559] type=1400 audit(1391625852.716:74): avc:  denied  { write } for  pid=26850 comm="id.nfc:handover" name="0" dev="fuse" ino=3086221568 scontext=u:r:nfc:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=dir
<5>[ 3049.606802] type=1400 audit(1391625852.716:75): avc:  denied  { add_name } for  pid=26850 comm="id.nfc:handover" name="beam" scontext=u:r:nfc:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=dir
<5>[ 3049.607068] type=1400 audit(1391625852.716:76): avc:  denied  { create } for  pid=26850 comm="id.nfc:handover" name="beam" scontext=u:r:nfc:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=dir
<5>[ 3049.610602] type=1400 audit(1391625852.716:77): avc:  denied  { remove_name } for  pid=26850 comm="id.nfc:handover" name="IMG_20140205_104344.jpg" dev="fuse" ino=3086246328 scontext=u:r:nfc:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=dir
<5>[ 3049.610870] type=1400 audit(1391625852.716:78): avc:  denied  { rename } for  pid=26850 comm="id.nfc:handover" name="IMG_20140205_104344.jpg" dev="fuse" ino=3086246328 scontext=u:r:nfc:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=file

Bug: 12891504

(cherry picked from commit 629c98c211580999fe000d337a4cbcf38dc4395e)

Change-Id: I7832cc2b66c88092b05581503e338cf8b6e1c0ec
---
 nfc.te            | 3 +++
 surfaceflinger.te | 1 +
 2 files changed, 4 insertions(+)

diff --git a/nfc.te b/nfc.te
index ca7a89d97..d0e4d83fd 100644
--- a/nfc.te
+++ b/nfc.te
@@ -12,3 +12,6 @@ allow nfc nfc_data_file:notdevfile_class_set create_file_perms;
 
 allow nfc sysfs_nfc_power_writable:file rw_file_perms;
 allow nfc sysfs:file write;
+
+allow nfc sdcard_type:dir create_dir_perms;
+allow nfc sdcard_type:file create_file_perms;
diff --git a/surfaceflinger.te b/surfaceflinger.te
index 24c20ebfc..9c58afafc 100644
--- a/surfaceflinger.te
+++ b/surfaceflinger.te
@@ -12,6 +12,7 @@ unix_socket_connect(surfaceflinger, property, init)
 # Perform Binder IPC.
 binder_use(surfaceflinger)
 binder_call(surfaceflinger, system_server)
+binder_call(surfaceflinger, nfc)
 binder_service(surfaceflinger)
 
 # Access the GPU.
-- 
GitLab